Comments on: How to Create a Memorable Super Secure Password

By: Cecilia forest

Cecilia forest — Sun, 07 Nov 2010 17:39:00 +0000

greate ideas for future purposes

By: Martin

Martin — Tue, 06 Apr 2010 04:25:57 +0000

Password must be like this_ (…i am not 99 yet…)

By: Comment choisir un mot de passe à la fois sécurisé et mémorisable ? | Geekly News

Mon, 23 Nov 2009 17:25:59 +0000

[...] pour trouver un mot de passe à la fois blindé et facile à retenir. Suite à la lecture de ce billet sur Carsonified aujourd’hui, j’ai eu envie de vous faire part de mon propre langage de [...]

By: Chris

Chris — Fri, 09 Oct 2009 11:58:29 +0000

I have also read and benefited from that article you mention, and I’m surprised no one has commented on it. I say that because unlike ALL the rest of the comments here, he has gone through the trouble of actually benchmarking his assumptions of what works and not. His findings are among others that you *should* split up words and use as a “pass phrase”, not a single “pass word”, like this article suggests.

So if we should use pass phrases with spaces for security, why not “Keep It Simple, Stupid” and write full sentences with proper punctuation. These would be hard to brute force, and are extremely easy to remember. They are long enough and contain the special characters+numbers needed at some sites, they can be adjusted over time and differ for each site/domain:

Company pass phrase:
“My 5th Company pass!”

Somebank.com account:
“Somebank: Chris the 3rd!”

By: sean

sean — Tue, 01 Sep 2009 12:59:23 +0000

Most of my passwords are simply patterns on the keyboard. I’d struggle to tell them to someone in words – I have to see the keyboard in order to type the password. They are still character based, but it’s all in how you look at it :-)

By: Marian

Marian — Mon, 31 Aug 2009 14:41:47 +0000

What a great ideas. The things what I am pretty sure about even thought I’m not doing that anymore (however used to) is that people tend to use very same password for everything.
So if done that it is really very important to have kind of password which is untraceable.

Thank for all those great ideas.

By: Kenali Dan Kunjungi Objek Wisata Di Pandeglang

Kenali Dan Kunjungi Objek Wisata Di Pandeglang — Fri, 28 Aug 2009 22:58:57 +0000

so very good

By: Kenali Dan Kunjungi Objek Wisata Di Pandeglang

Kenali Dan Kunjungi Objek Wisata Di Pandeglang — Fri, 28 Aug 2009 22:58:19 +0000

so informatif

By: Unique Jewelry - Body Jewelry - Diamond Jewelry - Peacock Ring

Unique Jewelry - Body Jewelry - Diamond Jewelry - Peacock Ring — Fri, 28 Aug 2009 22:57:21 +0000

nice infomation

By: Andres

Andres — Fri, 28 Aug 2009 01:29:01 +0000

Have you seen http://www.passwordbird.com/ ?

By: dan

dan — Mon, 24 Aug 2009 10:57:49 +0000

What do people think about password managers on client side. Like firefox has a password manager built in. Just remember the one password, and it has lists of the others and the websites they correspond too, even fills them out automatically. You only have to create and remember one strong password.

By: MacDaddy Links of the Week: Aug. 2-8 | bkmacdaddy designs

MacDaddy Links of the Week: Aug. 2-8 | bkmacdaddy designs — Sun, 09 Aug 2009 14:47:12 +0000

[...] hodge podge of stuff that doesn’t fit in the above categories How to Create a Memorable Super Secure Password 20 Simple Productivity Tools for Bloggers Death To Creatives!!! IE6 MUST DIE: 70+ Sites Unite to [...]

By: John F Croston III

John F Croston III — Sun, 09 Aug 2009 14:37:06 +0000

At my current job we are required to have 10 to 16 character passwords, depending on system, that include capital letters, numbers, and even special characters. One of my old co-workers that had to help set up temp passwords for people used to ask them to give him the first three letters of the of the make of there car, then the year, model of the car, and some other random special characters. All you have to do is capitalize the first letter of each set of words and your done.

Here is an example – For89Fie#^ which would be for a 1989 Ford Fiesta (not my car). You could also add more numbers, the color of the car, lengthen the words, and/or add more special characters to make password as long as needed. In the end of year and a half of me listening to him ask hundreds of people this question only one time he had to do something else, because the person did not own a car and never had.

An old boss used to work at a grocery store as the manager so he had to change passwords a lot so he would put parts of random items from the store together with numbers and special characters in his passwords like – Ban39Card#^ for banana 39 card #^.

Hope these ideas are helpful.

By: Media » Blog Archive » 5 Social Media Tips for Marketers

Media » Blog Archive » 5 Social Media Tips for Marketers — Fri, 07 Aug 2009 00:44:56 +0000

[...] from a third-party site (e.g. Youtube, Slideshare etc) onto a corporate or branded website. Create super-strong passwords and limit then number of people who have access to them. Often if content from third-party links [...]

By: Sandra

Sandra — Tue, 04 Aug 2009 23:43:23 +0000

I use this simple method which has never failed. I simply use the word “password” but replace the “o” with a zzero (0), and make the “d” letter uppercase. Then I add a number to the end, which I increment every so often. So my last password was passw0rD31, and now it is passw0rd32 and so forth. Whilst I like your method using two words I think it is a little complicated and one could easily forget which words they had picked!

By: Oliver Lorton

Oliver Lorton — Tue, 04 Aug 2009 20:44:43 +0000

There are some really interesting comments here. I’ve been recently thinking about this problem myself, and have found that Steve Gibson of the Security Now Podcast (www.grc.com/securitynow) has a really good run down of the different options in my opinion. See episodes #4 & #5.

On thing that he does point out is that contrary to popular opinion, writing down highly randomized passwords is a good solution. This is because the main vector of attack is over the internet, rather than in person, after all we are used to looking after and protecting things like our wallets, phones, car keys, etc.

I personally write all my passwords down on paper (stored in my wallet) with a slight modification (same for each password), such as swapping the 1st and 5th characters, adding the number 4 to the 4th position, and ignoring the last character. So an attacker needs access to my paper hard copy and needs to know the exact process required to decrypt it.

By: links for 2009-08-04 « Giri’s Blogmarks

links for 2009-08-04 « Giri’s Blogmarks — Tue, 04 Aug 2009 18:02:08 +0000

[...] How to Create a Memorable Super Secure Password (tags: tips howto) [...]

By: Shiju Alex

Shiju Alex — Tue, 04 Aug 2009 10:04:15 +0000

Hi Sam,

Yeah, I have seen those virtual keyboards.
But some of the keyloggers even take screenshots and screen captures. [To hell with the keyloggers]

BTW, I liked the idea of eye tracking :) and your blog is interesting too.

By: anansi

anansi — Mon, 03 Aug 2009 14:33:22 +0000

this is a great idea indeed. but the only problem could be the memorizing part. in my case, it always happens where i will forget the “super” password i created, despite the security questions. maybe a sign of old age? heheh.

By: Christophe Deliens

Christophe Deliens — Mon, 03 Aug 2009 13:34:52 +0000

Hmmm, seems the blog broke my link.
Here it is: http://en.wikipedia.org/wiki/MD5

By: Christophe Deliens

Christophe Deliens — Mon, 03 Aug 2009 13:34:21 +0000

(nearly off topic)

If you use the “forgot password” feature on a website and it sends you your current password, it means the password in not encrypted on their side -> if that website gets hacked, so will your password! Not good :)

To website developers: store your visitors passwords in MD5 (http://en.wikipedia.org/wiki/MD5).
To log your visitors in, simply compare a the stored MD5 with the MD5 version of the password they submit in the login form.

By: Bill

Bill — Mon, 03 Aug 2009 13:17:39 +0000

Nice Blog.

For home users there are thousands of solutions available to sort this password problems. But Imagine an enterprise where you have about 100-1000′s of workers employed, who use passwords for doing almost everything.

Especially with all those high tech computers, appliances, network devices and even Databases and critical info files, it is going to be an impossible task to manage all these passwords manually. The Password Manager Pro which a user friendly tool that can be used to manage 1000′s of passwords. It has all the features that are required to manage enterprise passwords.

Employees dont have to remember even a single password and this tool allows them to have their passwords changed automatically with a random password so that you can have your password in compliance with the organizational policies. Out of all, the tool is damn cheap and so it is not going to occupy a big palace inn your budget. More info about the tool is here…www.passwordmanagerpro.com

For more info about the security aspects and ideas, mail me at forever_shree@hotmail.com

Cheers,
Bill

By: Ivan Jovanovic

Ivan Jovanovic — Fri, 31 Jul 2009 12:05:00 +0000

There is something better than remembering several complicated passwords. Take one complicated password and one rule that will produce indefinite set of complicated passwords by applying the rule to the already complicated base. Then apply the rule until you password for the particular site. Of course, for sites that you use everyday, you’ll know it already without applying the rule.

Also for sites that are not so important take simpler passwords and apply less complicated rule to them. Less complications :)

By: Khürt Williams

Khürt Williams — Fri, 31 Jul 2009 10:44:16 +0000

I use this approach as well but use phrases from a sci fi novels or movie. “The force is stong with this one” or “Nothing unreal exists”.

By: shekatz

shekatz — Fri, 31 Jul 2009 01:51:59 +0000

That’s a very good topic to be discuss everyone. Security matters, especially for a private computer.

By: Dan

Dan — Thu, 30 Jul 2009 21:50:38 +0000

I use a similar idea. Restrict my most secure password to things like my main gmail account. Use random passwords for my clients sites and a common “easy” password for things like random forums/webapps etc.

By: Ross Bearman

Ross Bearman — Thu, 30 Jul 2009 20:16:31 +0000

Once I got over the idea of having my passwords stored in the cloud, I began to swear by LastPass. I can use it on all my devices, on any computer and everything is encrypted client side.

It generates random passwords, based on criteria you specify (length, punctuation, numbers, capitalisation.)

I use it for absolutely everything, keeping the password file backed up on an IronKey and several non-networked drives.

By: Alex Jones (@BaldMan)

Alex Jones (@BaldMan) — Thu, 30 Jul 2009 16:10:15 +0000

Nice write-up. A while back I wrote up my process for creating a complex, yet memorable site-specific password, which a lot of people have found useful. It follows the same path as this article, but it takes it a bit further. I did my best to include examples of each step to make it as easy as possible.

Creating and Remembering Complex Passwords
http://www.silverspider.com/2009/creating-and-remembering-complex-passwords/

I’d love feedback on the process from any and all!

By: Sparkling Ideas

Sparkling Ideas — Thu, 30 Jul 2009 15:59:31 +0000

Try http://www.lastpass.com, save yourself all this trouble!

By: Loopion

Loopion — Thu, 30 Jul 2009 13:58:28 +0000

I personally use statistics to create/remember my passwords

o45%ufftbo

that’s give you:

“only 45 % user feel free to buy online”

Everybody have statistics in head! Don’t you?